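<?php
/*
 * Account self-service page: change password, change e-mail, or spend
 * bonuses to lift a ban.  Dispatched from the query string:
 *
 *   op = "" | "pchange" | "echange" | "unban"   the operation
 *   st = 0 | 1                                  0 = show the form, 1 = apply it
 *
 * Openconn(), SelectDB(), checkban() and the session keys "uid" / "accname"
 * come from ../session.php, which is not visible from this file.  The page
 * uses the legacy mysql_* extension, so it only runs on PHP 5.
 */
include ("../session.php");
Openconn();
SelectDB(auth); // `auth` is presumably a constant defined by session.php — confirm

/**
 * Return $source[$key] as a trimmed string, or '' when it is absent or not a
 * plain string (e.g. ?key[]=x), so the string functions below never see an array.
 */
function edit_request_string($source, $key)
{
	if (!isset($source[$key]) || !is_string($source[$key])) {
		return '';
	}
	return trim($source[$key]);
}

/**
 * Run $query and return its first row as an associative array, or null when
 * the query fails or returns no row.  Every value placed in $query must
 * already be escaped or cast by the caller.
 */
function edit_fetch_row($query)
{
	$result = mysql_query($query);
	if ($result === false) {
		return null;
	}
	$row = mysql_fetch_assoc($result);
	return $row === false ? null : $row;
}

/**
 * Hash in the form stored in `account`.`sha_pass_hash`: hex SHA-1 of
 * "UPPER(login):UPPER(password)".  The password is hashed exactly as typed;
 * SQL-escaping it first (as the old code did) produced a different hash for
 * any password containing a quote or backslash.  Assumes the registration
 * code hashes the raw password the same way — confirm.
 */
function edit_account_hash($login, $password)
{
	return sha1(strtoupper($login) . ':' . strtoupper($password));
}

/** Emit a red error line followed by a link back to the form for $op (a literal from this file). */
function edit_error($message, $op)
{
	echo "<center><b><font color=\"#FF0000\">" . $message . "</font></b><br>";
	echo "<a href=\"?do=edit&op=" . $op . "\">Назад</a></center>";
}

/** Emit a green status line. */
function edit_ok($message)
{
	echo "<center><b><font color=\"#00FF00\">" . $message . "</font></b></center>";
}

$unbanCost = 150; // bonuses charged to lift a ban

$uid    = isset($_SESSION['uid']) ? (int) $_SESSION['uid'] : 0;
$opName = edit_request_string($_GET, 'op');
// Same truth table as the old settype(..., "bool"): absent, "" and "0" are false.
$opstat = isset($_GET['st']) ? (bool) $_GET['st'] : false;

// State-changing operations are accepted only from the POST forms rendered
// below; a bare GET to ...&st=1 is refused.
// NOTE(review): no anti-CSRF token is verified — session.php is not visible
// from here; if it provides one, add it as a hidden field and check it.
$isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';

if ($uid <= 0) {
	// session.php is expected to require a login before this page; guard anyway
	// so no query ever runs against account id 0.
	edit_error('Ошибка!', '');
} elseif ($opName === '') {
	echo "<div align=center style=padding:5px;>
		<a href=\"?do=edit&op=pchange\">Смена пароля</a><br>
		<a href=\"?do=edit&op=echange\">Смена e-mail</a><br>
		<a href=\"?do=edit&op=unban\">Разбан аккаунта</a><br>
	</div>";
} elseif ($opName === 'pchange') {
	if (!$opstat) {
		echo "<center><form  method=\"post\" action=\"?do=edit&op=pchange&st=1\"><table>";
		echo "<tr><td>Старый пароль:</td><td><input name=\"oldpass\" type=\"password\" size=\"10\" maxlength=\"20\"></td></tr>";
		echo "<tr><td>Новый пароль:</td><td><input name=\"newpass\" type=\"password\" size=\"10\" maxlength=\"20\"></td></tr>";
		echo "<tr><td colspan=\"2\"  align=\"center\"><input type=\"submit\" value=\"Сменить\"></td></tr>";
		echo "</table></form></center>";
	} elseif (!$isPost) {
		edit_error('Ошибка!', 'pchange');
	} else {
		$newPass = edit_request_string($_POST, 'newpass');
		$oldPass = edit_request_string($_POST, 'oldpass');
		$login   = isset($_SESSION['accname']) ? (string) $_SESSION['accname'] : '';
		$row     = edit_fetch_row(sprintf("SELECT `sha_pass_hash` FROM `account` WHERE `id` = %d", $uid));
		$stored  = $row === null ? '' : (string) $row['sha_pass_hash'];
		// `!==`, not `!=`: two hex digests that both look like "0e123..." compare
		// equal numerically under `==`.  An empty new password is refused.
		if ($newPass === '' || $row === null || edit_account_hash($login, $oldPass) !== $stored) {
			edit_error('Ошибка!', 'pchange');
		} else {
			$query = sprintf(
				"UPDATE `account` SET `sha_pass_hash` = '%s' WHERE `id` = %d",
				mysql_real_escape_string(edit_account_hash($login, $newPass)),
				$uid
			);
			if (mysql_query($query) === false) {
				edit_error('Ошибка!', 'pchange');
			} else {
				edit_ok('Пароль изменен !');
			}
		}
	}
} elseif ($opName === 'echange') {
	if (!$opstat) {
		echo "<div align=center style=padding:5px><form  method=\"post\" action=\"?do=edit&op=echange&st=1\">";
		echo "Новый e-mail: <input name=\"newemail\" type=\"text\" size=\"15\" maxlength=\"20\"><br>";
		echo "<input type=\"submit\" value=\"Сменить\">";
		echo "</form></div>";
	} elseif (!$isPost) {
		edit_error('Ошибка!', 'echange');
	} else {
		$email = edit_request_string($_POST, 'newemail');
		// filter_var replaces the old unanchored regex, which accepted any string
		// that merely *contained* something@host.tld.
		if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
			edit_error('e-mail указан неверно!', 'echange');
		} else {
			// Escape only at the SQL boundary; the value itself is stored as typed.
			$query = sprintf(
				"UPDATE `account` SET `email` = '%s' WHERE `id` = %d",
				mysql_real_escape_string($email),
				$uid
			);
			if (mysql_query($query) === false) {
				edit_error('Ошибка!', 'echange');
			} else {
				edit_ok('e-mail изменен!');
			}
		}
	}
} elseif ($opName === 'unban') {
	if (!checkban($uid)) {
		edit_ok('Ваша учетная запись не забанена!');
	} elseif (!$opstat) {
		// A POST form instead of the old GET link, so the charge cannot be
		// triggered by merely following a URL.
		echo "<div align=center style=padding:5px;>Цена снятия бана: <b>" . $unbanCost . "</b> бонусов<br>";
		echo "<form method=\"post\" action=\"?do=edit&op=unban&st=1\"><input type=\"submit\" value=\"Снять Бан\"></form></div>";
	} elseif (!$isPost) {
		edit_error('Ошибка!', 'unban');
	} else {
		// Charge and check the balance in one statement: the WHERE clause refuses
		// the deduction when bonuses are short and, unlike the old SELECT-then-UPDATE,
		// cannot be raced by a double submit.  The ban row is removed only after
		// the charge is confirmed by mysql_affected_rows().
		$charge = sprintf(
			"UPDATE `account` SET `bonuses` = `bonuses` - %d WHERE `id` = %d AND `bonuses` >= %d",
			$unbanCost,
			$uid,
			$unbanCost
		);
		if (mysql_query($charge) === false) {
			edit_error('Ошибка!', 'unban');
		} elseif (mysql_affected_rows() !== 1) {
			edit_error('У Вас недостаточно бонусов для совершения этой операции!', 'unban');
		} else {
			mysql_query(sprintf("DELETE FROM `account_banned` WHERE `id` = %d", $uid));
			edit_ok('Учетная запись разбанена!');
		}
	}
}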
